Commit c25b2ae1 authored by Hao Luo's avatar Hao Luo Committed by Alexei Starovoitov
Browse files

bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL 



We have introduced a new type to make bpf_reg composable, by
allocating bits in the type to represent flags.

One of the flags is PTR_MAYBE_NULL which indicates a pointer
may be NULL. This patch switches the qualified reg_types to
use this flag. The reg_types changed in this patch include:

1. PTR_TO_MAP_VALUE_OR_NULL
2. PTR_TO_SOCKET_OR_NULL
3. PTR_TO_SOCK_COMMON_OR_NULL
4. PTR_TO_TCP_SOCK_OR_NULL
5. PTR_TO_BTF_ID_OR_NULL
6. PTR_TO_MEM_OR_NULL
7. PTR_TO_RDONLY_BUF_OR_NULL
8. PTR_TO_RDWR_BUF_OR_NULL

Signed-off-by: default avatarHao Luo <haoluo@google.com>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/r/20211217003152.48334-5-haoluo@google.com
parent 3c480732

include/linux/bpf.h

+9 −9
Original line number Diff line number Diff line
@@ -465,18 +465,15 @@ enum bpf_reg_type { 
	PTR_TO_CTX,		 /* reg points to bpf_context */

	CONST_PTR_TO_MAP,	 /* reg points to struct bpf_map */

	PTR_TO_MAP_VALUE,	 /* reg points to map element value */

	PTR_TO_MAP_VALUE_OR_NULL,/* points to map elem value or NULL */

	PTR_TO_MAP_KEY,		 /* reg points to a map element key */

	PTR_TO_STACK,		 /* reg == frame_pointer + offset */

	PTR_TO_PACKET_META,	 /* skb->data - meta_len */

	PTR_TO_PACKET,		 /* reg points to skb->data */

	PTR_TO_PACKET_END,	 /* skb->data + headlen */

	PTR_TO_FLOW_KEYS,	 /* reg points to bpf_flow_keys */

	PTR_TO_SOCKET,		 /* reg points to struct bpf_sock */

	PTR_TO_SOCKET_OR_NULL,	 /* reg points to struct bpf_sock or NULL */

	PTR_TO_SOCK_COMMON,	 /* reg points to sock_common */

	PTR_TO_SOCK_COMMON_OR_NULL, /* reg points to sock_common or NULL */

	PTR_TO_TCP_SOCK,	 /* reg points to struct tcp_sock */

	PTR_TO_TCP_SOCK_OR_NULL, /* reg points to struct tcp_sock or NULL */

	PTR_TO_TP_BUFFER,	 /* reg points to a writable raw tp's buffer */

	PTR_TO_XDP_SOCK,	 /* reg points to struct xdp_sock */

	/* PTR_TO_BTF_ID points to a kernel struct that does not need
@@ -494,18 +491,21 @@ enum bpf_reg_type { 
	 * been checked for null. Used primarily to inform the verifier

	 * an explicit null check is required for this struct.

	 */

	PTR_TO_BTF_ID_OR_NULL,

	PTR_TO_MEM,		 /* reg points to valid memory region */

	PTR_TO_MEM_OR_NULL,	 /* reg points to valid memory region or NULL */

	PTR_TO_RDONLY_BUF,	 /* reg points to a readonly buffer */

	PTR_TO_RDONLY_BUF_OR_NULL, /* reg points to a readonly buffer or NULL */

	PTR_TO_RDWR_BUF,	 /* reg points to a read/write buffer */

	PTR_TO_RDWR_BUF_OR_NULL, /* reg points to a read/write buffer or NULL */

	PTR_TO_PERCPU_BTF_ID,	 /* reg points to a percpu kernel variable */

	PTR_TO_FUNC,		 /* reg points to a bpf program function */

	PTR_TO_MAP_KEY,		 /* reg points to a map element key */

	__BPF_REG_TYPE_MAX,



	/* Extended reg_types. */

	PTR_TO_MAP_VALUE_OR_NULL	= PTR_MAYBE_NULL | PTR_TO_MAP_VALUE,

	PTR_TO_SOCKET_OR_NULL		= PTR_MAYBE_NULL | PTR_TO_SOCKET,

	PTR_TO_SOCK_COMMON_OR_NULL	= PTR_MAYBE_NULL | PTR_TO_SOCK_COMMON,

	PTR_TO_TCP_SOCK_OR_NULL		= PTR_MAYBE_NULL | PTR_TO_TCP_SOCK,

	PTR_TO_BTF_ID_OR_NULL		= PTR_MAYBE_NULL | PTR_TO_BTF_ID,

	PTR_TO_MEM_OR_NULL		= PTR_MAYBE_NULL | PTR_TO_MEM,



	/* This must be the last entry. Its purpose is to ensure the enum is

	 * wide enough to hold the higher bits reserved for bpf_type_flag.

	 */

include/linux/bpf_verifier.h

+4 −0
Original line number Diff line number Diff line
@@ -18,6 +18,8 @@ 
 * that converting umax_value to int cannot overflow.

 */

#define BPF_MAX_VAR_SIZ	(1 << 29)

/* size of type_str_buf in bpf_verifier. */

#define TYPE_STR_BUF_LEN 64



/* Liveness marks, used for registers and spilled-regs (in stack slots).

 * Read marks propagate upwards until they find a write mark; they record that
@@ -484,6 +486,8 @@ struct bpf_verifier_env { 
	/* Same as scratched_regs but for stack slots */

	u64 scratched_stack_slots;

	u32 prev_log_len, prev_insn_print_len;

	/* buffer used in reg_type_str() to generate reg_type string */

	char type_str_buf[TYPE_STR_BUF_LEN];

};



__printf(2, 0) void bpf_verifier_vlog(struct bpf_verifier_log *log,

kernel/bpf/btf.c

+5 −2
Original line number Diff line number Diff line
@@ -4940,10 +4940,13 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, 
	/* check for PTR_TO_RDONLY_BUF_OR_NULL or PTR_TO_RDWR_BUF_OR_NULL */

	for (i = 0; i < prog->aux->ctx_arg_info_size; i++) {

		const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i];

		u32 type, flag;



		type = base_type(ctx_arg_info->reg_type);

		flag = type_flag(ctx_arg_info->reg_type);

		if (ctx_arg_info->offset == off &&

		    (ctx_arg_info->reg_type == PTR_TO_RDONLY_BUF_OR_NULL ||

		     ctx_arg_info->reg_type == PTR_TO_RDWR_BUF_OR_NULL)) {

		    (type == PTR_TO_RDWR_BUF || type == PTR_TO_RDONLY_BUF) &&

		    (flag & PTR_MAYBE_NULL)) {

			info->reg_type = ctx_arg_info->reg_type;

			return true;

		}

kernel/bpf/map_iter.c

+2 −2
Original line number Diff line number Diff line
@@ -174,9 +174,9 @@ static const struct bpf_iter_reg bpf_map_elem_reg_info = { 
	.ctx_arg_info_size	= 2,

	.ctx_arg_info		= {

		{ offsetof(struct bpf_iter__bpf_map_elem, key),

		  PTR_TO_RDONLY_BUF_OR_NULL },

		  PTR_TO_RDONLY_BUF | PTR_MAYBE_NULL },

		{ offsetof(struct bpf_iter__bpf_map_elem, value),

		  PTR_TO_RDWR_BUF_OR_NULL },

		  PTR_TO_RDWR_BUF | PTR_MAYBE_NULL },

	},

};

kernel/bpf/verifier.c

+125 −173

File changed.

Preview size limit exceeded, changes collapsed.